Java Security Interview Questions & Answers - Learning Mode

Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.
The Java Class Library provides a number of APIs related to security, such as standard cryptographic algorithms, authentication, and secure communication protocols.

Answer:
Authentication happens first. You verify the user's identity based on credentials. Authorization is making sure the user only gets access to the resources he has credentials for.
Source: CoolInterview.com

Answer:
Generally, the latest version is the safest. Be sure to regularly check your browser vendor's Web pages for announcements of new versions. Look carefully - the announcements are not always prominent.

Answer:
You can request permission to do something and you can demand certain permissions from other apps. You can also refuse permissions so that your app is not inadvertently used to destroy some data.

Answer:
If you maintain sensitive data on your computer that you think an unscrupulous adversary might want, you should disable Java and JavaScript, and not install plug-ins except from well-known vendors.

If you don't disable Java or JavaScript, think twice before visiting a Web site belonging to a person you don't know or don't trust. Of course, some people will be perfectly happy just living with the risk.

Answer:
You're at risk if you're running a Java-enabled browser and you visit a Web page written by a person you don't know or don't trust. Since the two most common browsers, Netscape Navigator and Microsoft Internet Explorer, are Java-enabled, most people surfing the Web are at risk.

Answer:
This is a general term for Java applets (programs) that exploit security bugs. There are some pages on the Web that demonstrate, with appropriate warning messages, some hostile applets. The applets we've seen are nuisance attacks rather than damaging attacks.

Answer:
So far, there have been no publicly reported, confirmed cases of security breaches involving Java, though there have been some suspicious events that might possibly have involved Java security problems. Of course, the lack of reported cases is no guarantee that there haven't been breaches that either weren't discovered or weren't reported. But it does indicate that breaches are rare.

Answer:
Not directly. But watch out for some newer servers that support "servlets". Servlets are fine if they are all written by the people running the server site; using servlets in this way is probably better than using CGI scripts. Going beyond this to let clients upload Java servlets into your server is very risky.

Of course, you should be careful about which Java applets appear on your server. Unless you wrote the applet yourself, you don't necessarily know what it's doing. If you co

Answer:
There are two classes of security problems: nuisances and security breaches. A nuisance attack merely prevents you from getting your work done; for example, it may cause your computer to crash. Security breaches are more serious: your files could be deleted, your private data could be read, or a virus could infect your machine.

If you are the victim of a security breach, any data stored on your machine may be read or corrupted by a bad guy. If you've got important company secrets on y